Miroslav Grepl
954ef8ad92
- fixes to allow /var/run and /var/lock as tmpfs
...
- Allow chrome sandbox to connect to web ports
- Allow dovecot to listem on lmtp and sieve ports
- Allov ddclient to search sysctl_net_t
- Transition back to original domain if you execute the shell
2010-11-30 11:39:40 +00:00
Miroslav Grepl
b63541e55b
- Remove duplicate declaration
2010-11-25 16:53:58 +00:00
Miroslav Grepl
05f913e88b
- Update to upstream
...
- Cleanup for sandbox
- Add attribute to be able to select sandbox types
2010-11-25 12:21:34 +00:00
Miroslav Grepl
3daa6c760b
- Allow ddclient to fix file mode bits of ddclient conf file
...
- init leaks file descriptors to daemons
- Add labels for /etc/lirc/ and
- Allow amavis_t to exec shell
- Add label for gssd_tmp_t for /var/tmp/nfs_0
2010-11-22 12:12:57 +01:00
Dan Walsh
d6719f6ecb
- Put back in lircd_etc_t so policy will install
2010-11-18 16:27:30 -05:00
Miroslav Grepl
4eb45ebeaa
- Turn on allow_postfix_local_write_mail_spool
...
- Allow initrc_t to transition to shutdown_t
- Allow logwatch and cron to mls_read_to_clearance for MLS boxes
- Allow wm to send signull to all applications and receive them from users
- lircd patch from field
- Login programs have to read /etc/samba
- New programs under /lib/systemd
- Abrt needs to read config files
2010-11-18 17:37:29 +01:00
Miroslav Grepl
582d2c5d2c
- Update to upstream
...
- Dontaudit leaked sockets from userdomains to user domains
- Fixes for mcelog to handle scripts
- Apply patch from Ruben Kerkhof
- Allow syslog to search spool dirs
2010-11-16 09:46:19 +01:00
Miroslav Grepl
cbb8d59931
- Allow nagios plugins to read usr files
...
- Allow mysqld-safe to send system log messages
- Fixes fpr ddclient policy
- Fix sasl_admin interface
- Allow apache to search zarafa config
- Allow munin plugins to search /var/lib directory
- Allow gpsd to read sysfs_t
- Fix labels on /etc/mcelog/triggers to bin_t
2010-11-15 18:27:23 +01:00
Dan Walsh
763342ad3a
- Remove saslauthd_tmp_t and transition tmp files to krb5_host_rcache_t
...
- Allow saslauthd_t to create krb5_host_rcache_t files in /tmp
- Fix xserver interface
- Fix definition of /var/run/lxdm
2010-11-12 11:08:35 -05:00
Dan Walsh
519b05a70f
- Remove saslauthd_tmp_t and transition tmp files to krb5_host_rcache_t
2010-11-12 10:59:01 -05:00
Dan Walsh
50dacaca09
- kdump leaks kdump_etc_t to ifconfig, add dontaudit
...
- uux needs to transition to uucpd_t
- More init fixes relabels man,faillog
- Remove maxima defs in libraries.fc
- insmod needs to be able to create tmpfs_t files
- ping needs setcap
- init executes mcelog, initrc_t needs to manage faillog.
- fix xserver_ralabel_xdm_tmp_dirs
- Allow dovecot_deliver_t to list dovecot_etc_t
- Run acroread as execmem_t
2010-11-12 09:56:06 -05:00
Miroslav Grepl
9238df00c5
- Turn on mediawiki policy
...
- kdump leaks kdump_etc_t to ifconfig, add dontaudit
- uux needs to transition to uucpd_t
- More init fixes relabels man,faillog
- Remove maxima defs in libraries.fc
- insmod needs to be able to create tmpfs_t files
- ping needs setcap
2010-11-12 13:47:15 +01:00
Dan Walsh
7297a334b4
- Fix init to be able to relabel wtmp, tmp files
2010-11-10 14:39:23 -05:00
Miroslav Grepl
5d168a352b
- Allow groupd transition to fenced domain when executes fence_node
...
- Fixes for rchs policy
- Allow mpd to be able to read samba/nfs files
2010-11-10 11:04:39 +01:00
Dan Walsh
ded1efb9d8
- Fix up corecommands.fc to match upstream
...
- Make sure /lib/systemd/* is labeled init_exec_t
- mount wants to setattr on all mountpoints
- dovecot auth wants to read dovecot etc files
- nscd daemon looks at the exe file of the comunicating daemon
- openvpn wants to read utmp file
- postfix apps now set sys_nice and lower limits
- remote_login (telnetd/login) wants to use telnetd_devpts_t and user_devpts_t to work correctly
- Also resolves nsswitch
- Fix labels on /etc/hosts.*
- Cleanup to make upsteam patch work
- allow abrt to read etc_runtime_t
2010-11-09 17:41:15 -05:00
Dan Walsh
fc9bf2f03d
- Add conflicts for dirsrv package
2010-11-09 07:55:52 -05:00
Dan Walsh
3e0b7834a6
- Update to upstream
...
- Add vlock policy
2010-11-05 14:22:36 -04:00
Dan Walsh
6e50b74774
- Update to upstream
...
- Add vlock policy
2010-11-05 12:40:49 -04:00
Dan Walsh
06262c1566
- Update to upstream
...
- Add vlock policy
2010-11-05 12:40:07 -04:00
Dan Walsh
c52856e6d8
- Fix sandbox to work on nfs homedirs
...
- Allow cdrecord to setrlimit
- Allow mozilla_plugin to read xauth
- Change label on systemd-logger to syslogd_exec_t
- Install dirsrv policy from dirsrv package
2010-11-05 07:32:45 -04:00
Dan Walsh
9896599663
-
2010-11-02 17:07:21 -04:00
Dan Walsh
9754f472c7
- Allow NetworkManager to read openvpn_etc_t
...
- Dontaudit hplip to write of /usr dirs
- Allow system_mail_t to create /root/dead.letter as mail_home_t
- Add vdagent policy for spice agent daemon
2010-11-01 14:37:25 -04:00
Dan Walsh
7a208696f9
- Dontaudit sandbox sending sigkill to all user domains
...
- Add policy for rssh_chroot_helper
- Add missing flask definitions
- Allow udev to relabelto removable_t
- Fix label on /var/log/wicd.log
- Transition to initrc_t from init when executing bin_t
- Add audit_access permissions to file
- Make removable_t a device_node
- Fix label on /lib/systemd/*
2010-10-28 15:55:48 -04:00
Dan Walsh
2bb6181f15
- Fixes for systemd to manage /var/run
...
- Dontaudit leaks by firstboot
2010-10-22 16:35:00 -04:00
Dan Walsh
bac270827d
- Allow chome to create netlink_route_socket
...
- Add additional MATHLAB file context
- Define nsplugin as an application_domain
- Dontaudit sending signals from sandboxed domains to other domains
- systemd requires init to build /tmp /var/auth and /var/lock dirs
- mount wants to read devicekit_power /proc/ entries
- mpd wants to connect to soundd port
- Openoffice causes a setattr on a lib_t file for normal users, add dontaudit
- Treat lib_t and textrel_shlib_t directories the same
- Allow mount read access on virtual images
2010-10-22 08:26:00 -04:00
Dan Walsh
4da7659056
- Allow sandbox_x_domains to work with nfs/cifs/fusefs home dirs.
2010-10-18 13:18:55 -04:00
Dan Walsh
c849c84305
- Allow cobblerd to list cobler appache content
2010-10-15 11:35:17 -04:00
Dan Walsh
d33e644851
- Fixup for the latest version of upowed
...
- Dontaudit sandbox sending SIGNULL to desktop apps
2010-10-15 10:26:39 -04:00
Dan Walsh
618ed7aec9
- Update to upstream
2010-10-13 10:00:44 -04:00
Dan Walsh
5a152bc135
- Update to upstream
2010-10-12 16:47:46 -04:00
Dan Walsh
f0a56ee31d
-Mount command from a confined user generates setattr on /etc/mtab file, need to dontaudit this access
...
- dovecot-auth_t needs ipc_lock
- gpm needs to use the user terminal
- Allow system_mail_t to append ~/dead.letter
- Allow NetworkManager to edit /etc/NetworkManager/NetworkManager.conf
- Add pid file to vnstatd
- Allow mount to communicate with gfs_controld
- Dontaudit hal leaks in setfiles
2010-10-12 16:10:57 -04:00
Dan Walsh
dd20c25744
Rebuild with latest code
2010-10-08 17:00:50 -04:00
Dan Walsh
6f934680a8
- Allow smbd to use sys_admin
...
- Remove duplicate file context for tcfmgr
- Update to upstream
2010-10-07 14:55:49 -04:00
Dan Walsh
6f256d240d
- Allow smbd to use sys_admin
...
- Remove duplicate file context for tcfmgr
2010-10-07 09:59:45 -04:00
Dan Walsh
0daa8b731a
- Fix fusefs handling
...
- Do not allow sandbox to manage nsplugin_rw_t
- Allow mozilla_plugin_t to connecto its parent
- Allow init_t to connect to plymouthd running as kernel_t
- Add mediawiki policy
- dontaudit sandbox sending signals to itself. This can happen when they are running at different mcs.
- Disable transition from dbus_session_domain to telepathy for F14
- Allow boinc_project to use shm
- Allow certmonger to search through directories that contain certs
- Allow fail2ban the DAC Override so it can read log files owned by non root users
2010-10-07 09:19:43 -04:00
Dan Walsh
b1cbbd0768
- Start adding support for use_fusefs_home_dirs
...
- Add /var/lib/syslog directory file context
- Add /etc/localtime as locale file context
2010-10-04 14:50:39 -04:00
Dan Walsh
fbd9ca071a
- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user
...
- Turn off iptables from unconfined user
- Allow sudo to send signals to any domains the user could have transitioned to.
- Passwd in single user mode needs to talk to console_device_t
- Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio
- locate tried to read a symbolic link, will dontaudit
- New labels for telepathy-sunshine content in homedir
- Google is storing other binaries under /opt/google/talkplugin
- bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug
- Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15
- modemmanger and bluetooth send dbus messages to devicekit_power
- Samba needs to getquota on filesystems labeld samba_share_t
2010-10-01 12:06:09 -04:00
Dan Walsh
5ae8fb66d8
- Dontaudit attempts by xdm_t to write to bin_t for kdm
...
- Allow initrc_t to manage system_conf_t
2010-09-30 09:50:49 -04:00
Dan Walsh
7c487e9739
- Fixes to allow mozilla_plugin_t to create nsplugin_home_t directory.
...
- Allow mozilla_plugin_t to create tcp/udp/netlink_route sockets
- Allow confined users to read xdm_etc_t files
- Allow xdm_t to transition to xauth_t for lxdm program
2010-09-27 10:31:36 -04:00
Dan Walsh
e25799116a
- Pull in cleanups from dgrift
...
- Allow mozilla_plugin_t to execute mozilla_home_t
- Allow rpc.quota to do quotamod
2010-09-24 12:03:50 -04:00
Dan Walsh
42c814d215
- Cleanup policy via dgrift
...
- Allow dovecot_deliver to append to inherited log files
- Lots of fixes for consolehelper
2010-09-23 17:40:24 -04:00
Dan Walsh
1d153ea0ea
- Fix up Xguest policy
2010-09-22 18:36:47 -04:00
Dan Walsh
ea3b7b5dff
- Add vnstat policy
...
- allow libvirt to send audit messages
- Allow chrome-sandbox to search nfs_t
2010-09-16 18:00:00 -04:00
Dan Walsh
a24e6a6700
- Update to upstream
2010-09-16 07:59:03 -04:00
Dan Walsh
ba8c31f5cd
- Allow all domains that can use cgroups to search tmpfs_t directory
...
- Allow init to send audit messages
2010-09-14 16:16:56 -04:00
Dan Walsh
a0e8efd42c
- Update to upstream
2010-09-13 16:17:15 -04:00
Dan Walsh
30a7d17203
- Add policy for ajaxterm
2010-09-09 09:58:12 -04:00
Dan Walsh
6e2d7f3a82
- Handle /var/db/sudo
...
- Allow pulseaudio to read alsa config
- Allow init to send initrc_t dbus messages
2010-09-08 21:24:49 -04:00
Dan Walsh
64d84cf8ec
Allow iptables to read shorewall tmp files
...
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr
intd
label vlc as an execmem_exec_t
Lots of fixes for mozilla_plugin to run google vidio chat
Allow telepath_msn to execute ldconfig and its own tmp files
Fix labels on hugepages
Allow mdadm to read files on /dev
Remove permissive domains and change back to unconfined
Allow freshclam to execute shell and bin_t
Allow devicekit_power to transition to dhcpc
Add boolean to allow icecast to connect to any port
2010-09-08 14:17:07 -04:00
Dan Walsh
482c9f3ad9
- Merge upstream fix of mmap_zero
...
- Allow mount to write files in debugfs_t
- Allow corosync to communicate with clvmd via tmpfs
- Allow certmaster to read usr_t files
- Allow dbus system services to search cgroup_t
- Define rlogind_t as a login pgm
2010-09-02 13:43:28 -04:00
Dan Walsh
a7a2367a59
- Merge with upstream
2010-08-30 17:34:52 -04:00
Dan Walsh
6578cf7413
- More access needed for devicekit
...
- Add dbadm policy
2010-08-30 11:58:36 -04:00
Dan Walsh
ba77266a14
- Merge with upstream
2010-08-26 20:35:53 -04:00
Dan Walsh
370d04ed3c
- Allow seunshare to fowner
2010-08-25 09:45:26 -04:00
Dan Walsh
cc138e86b5
- Allow cron to look at user_cron_spool links
...
- Lots of fixes for mozilla_plugin_t
- Add sysv file system
- Turn unconfined domains to permissive to find additional avcs
2010-08-24 22:48:06 -04:00
Dan Walsh
63265668f0
- Update policy for mozilla_plugin_t
2010-08-23 18:01:46 -04:00
Dan Walsh
eee39f9d8e
- Allow clamscan to read proc_t
...
- Allow mount_t to write to debufs_t dir
- Dontaudit mount_t trying to write to security_t dir
2010-08-23 17:29:52 -04:00
Dan Walsh
19988ca76d
- Allow clamscan_t execmem if clamd_use_jit set
...
- Add policy for firefox plugin-container
2010-08-20 09:36:56 -04:00
Dan Walsh
3798ee962a
- label dead.letter as mail_home_t
2010-08-17 07:22:11 -04:00
Dan Walsh
922cd61e83
* Tue Aug 10 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-12
...
- Fix devicekit_power bug
- Allow policykit_auth_t more access.
2010-08-11 07:55:04 -04:00
Daniel J Walsh
d4bb132c2e
- Merge in fixes from dgrift repository
2010-07-27 20:34:21 +00:00
Daniel J Walsh
7f5d8f30d0
- Update boinc policy
...
- Fix sysstat policy to allow sys_admin
- Change failsafe_context to unconfined_r:unconfined_t:s0
2010-07-27 17:28:04 +00:00
Daniel J Walsh
a1ef703492
- New paths for upstart
2010-07-26 21:46:12 +00:00
Daniel J Walsh
8d55a410dc
- New permissions for syslog
...
- New labels for /lib/upstart
2010-07-26 20:32:18 +00:00
Daniel J Walsh
f3fc10528f
- Allow systemd to setsockcon on sockets to immitate other services
2010-07-22 16:58:58 +00:00
Daniel J Walsh
9f811efbbb
- Remove debugfs label
2010-07-21 14:57:11 +00:00
Daniel J Walsh
d66bec6356
- Update to latest policy
2010-07-20 17:48:36 +00:00
Daniel J Walsh
1df2fc2bba
- Fix eclipse labeling from IBMSupportAssasstant packageing
2010-07-19 21:16:41 +00:00
Daniel J Walsh
3f1005a67d
- Make boot with systemd in enforcing mode
2010-07-15 20:04:35 +00:00
Daniel J Walsh
0f2ae00c61
- Update to upstream
2010-07-15 13:11:25 +00:00
Daniel J Walsh
9c1bcc22e3
- Add boolean to turn off port forwarding in sshd.
2010-07-12 21:15:05 +00:00
Miroslav Grepl
be922a1fae
- Add support for ebtables
...
- Fixes for rhcs and corosync policy
2010-07-09 15:28:31 +00:00
Daniel J Walsh
6c42218d9d
-Update to upstream
2010-06-28 17:19:34 +00:00
Daniel J Walsh
fa98e0ec52
-Update to upstream
2010-06-21 14:31:26 +00:00
Daniel J Walsh
5f371acada
-Update to upstream
2010-06-18 20:14:28 +00:00
Daniel J Walsh
7c727a891e
- Add Zarafa policy
2010-06-16 20:19:22 +00:00
Daniel J Walsh
f2403c5b4f
- Cleanup of aiccu policy
...
- initial mock policy
2010-06-11 15:39:46 +00:00
Daniel J Walsh
f651bb6fdc
- Lots of random fixes
2010-06-09 21:31:42 +00:00
Daniel J Walsh
b39ccca147
- Update to upstream
2010-06-08 21:23:21 +00:00
Daniel J Walsh
632048ceb1
- Update to upstream
...
- Allow prelink script to signal itself
- Cobbler fixes
2010-06-07 21:15:35 +00:00
Daniel J Walsh
bca242c772
- Add xdm_var_run_t to xserver_stream_connect_xdm
...
- Add cmorrord and mpd policy from Miroslav Grepl
2010-06-02 19:36:11 +00:00
Daniel J Walsh
e51284403f
- Fix sshd creation of krb cc files for users to be user_tmp_t
2010-06-01 20:56:58 +00:00
Daniel J Walsh
4abfc011a4
- Fixes for accountsdialog
...
- Fixes for boinc
2010-05-28 12:39:05 +00:00
Daniel J Walsh
65c6e4c421
- Fix label on /var/lib/dokwiki
...
- Change permissive domains to enforcing
- Fix libvirt policy to allow it to run on mls
2010-05-27 16:14:50 +00:00
Daniel J Walsh
bc4089cfaa
- Update to upstream
2010-05-26 21:15:42 +00:00
Daniel J Walsh
a72c31df34
- Update to upstream
2010-03-18 15:47:35 +00:00
Daniel J Walsh
add957370e
- Merge with upstream
2010-02-16 22:10:14 +00:00
Daniel J Walsh
3c551b85fe
- Allow sandbox to work with MLS
2010-02-11 21:54:06 +00:00
Daniel J Walsh
43c7f5f787
- Make Chrome work with staff user
2010-02-10 22:26:52 +00:00
Daniel J Walsh
487de6f251
- Add icecast policy
...
- Cleanup spec file
2010-02-08 22:06:23 +00:00
Daniel J Walsh
30c21992cb
- Add mcelog policy
2010-02-03 20:52:58 +00:00
Daniel J Walsh
a62c6405cc
- Lots of fixes found in F12
2010-02-02 16:41:03 +00:00
Daniel J Walsh
b2f6b0698f
- Fix rpm_dontaudit_leaks
2010-01-28 15:44:39 +00:00
Daniel J Walsh
4d67b40db1
- Add getsched to hald_t
...
- Add file context for Fedora/Redhat Directory Server
2010-01-27 21:54:00 +00:00
Daniel J Walsh
b0f36568e1
- Allow abrt_helper to getattr on all filesystems
...
- Add label for /opt/real/RealPlayer/plugins/oggfformat\.so
2010-01-27 17:08:59 +00:00
Daniel J Walsh
b65afa2940
- Add gstreamer_home_t for ~/.gstreamer
2010-01-22 15:26:39 +00:00
Daniel J Walsh
faec5c2a14
- Update to upstream
2010-01-18 22:40:25 +00:00
Daniel J Walsh
3b54668c40
Update spec file to suck in the correct version of selinux-policy packages
2010-01-15 21:39:39 +00:00
Daniel J Walsh
89ad5ea38f
- Turn on puppet policy
...
- Update to dgrift git policy
2010-01-14 21:49:18 +00:00
Daniel J Walsh
fc05ac0660
- Move users file to selection by spec file.
...
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t
2010-01-11 22:06:55 +00:00
Daniel J Walsh
352dafd046
- Update to upstream
2010-01-07 21:59:22 +00:00
Daniel J Walsh
6049e24424
- Remove most of the permissive domains from F12.
2010-01-06 21:57:07 +00:00
Daniel J Walsh
485ded565a
- Add cobbler policy from dgrift
2010-01-05 22:09:02 +00:00
Daniel J Walsh
1e86f3f158
- add usbmon device
...
- Add allow rulse for devicekit_disk
2010-01-04 21:31:54 +00:00
Daniel J Walsh
4478a9a993
- Lots of fixes found in F12, fixes from Tom London
2009-12-30 14:44:54 +00:00
Daniel J Walsh
08b890455e
- Cleanups from dgrift
2009-12-23 18:39:12 +00:00
Daniel J Walsh
daebd59668
- Cleanups from dgrift
2009-12-23 18:37:23 +00:00
Daniel J Walsh
e2f53dfaec
- Cleanups from dgrift
2009-12-23 13:02:27 +00:00
Daniel J Walsh
550cc5f4f4
- Add back xserver_manage_home_fonts
2009-12-22 17:25:13 +00:00
Daniel J Walsh
7d40583319
- Dontaudit sandbox trying to read nscd and sssd
2009-12-21 22:53:07 +00:00
Daniel J Walsh
b4675412e2
- Update to upstream
2009-12-18 21:18:10 +00:00
Daniel J Walsh
6ca563ec01
- Rename udisks-daemon back to devicekit_disk_t policy
2009-12-17 19:36:22 +00:00
Daniel J Walsh
e54cc7c3e4
- Fixes for abrt calls
2009-12-16 23:01:00 +00:00
Daniel J Walsh
9c90ba7e8e
- Add tgtd policy
2009-12-16 13:30:38 +00:00
Daniel J Walsh
755e2d6934
- Add tgtd policy
2009-12-11 20:18:55 +00:00
Daniel J Walsh
9eef358da0
- Update to upstream release
2009-12-10 19:20:14 +00:00
Daniel J Walsh
f2a1dcd3d4
- Add asterisk policy back in
...
- Update to upstream release 2.20091117
2009-11-25 20:19:12 +00:00
Daniel J Walsh
ee88b050c5
- Add asterisk policy back in
2009-11-20 16:55:54 +00:00
Daniel J Walsh
ce8c76d673
- Add asterisk policy back in
2009-11-20 16:31:54 +00:00
Daniel J Walsh
55acbfd715
- Update to upstream release 2.20091117
2009-11-18 22:22:56 +00:00
Daniel J Walsh
5e44eb8657
- Update to upstream
2009-11-14 05:18:01 +00:00
Daniel J Walsh
32594a1112
- Allow vpnc request the kernel to load modules
2009-10-02 15:15:36 +00:00
Daniel J Walsh
aaf52ff041
- Add plymouth policy
2009-09-30 18:50:23 +00:00
Daniel J Walsh
d976a83a17
- Allow cupsd_config to read user tmp
...
- Allow snmpd_t to signal itself
- Allow sysstat_t to makedir in sysstat_log_t
2009-09-30 17:37:44 +00:00
Daniel J Walsh
8b10e3abd7
- Update rhcs policy
2009-09-29 12:38:58 +00:00
Daniel J Walsh
85582d623f
- Allow users to exec restorecond
2009-09-25 18:47:07 +00:00
Daniel J Walsh
f5a104d238
- Allow sendmail to request kernel modules load
2009-09-24 23:30:16 +00:00
Daniel J Walsh
4c2f298bf2
- Fix all kernel_request_load_module domains
2009-09-22 12:49:53 +00:00
Daniel J Walsh
405a74c394
- Fix all kernel_request_load_module domains
2009-09-21 13:55:41 +00:00
Daniel J Walsh
41f8e385a1
- Remove allow_exec* booleans for confined users. Only available for
...
unconfined_t
2009-09-20 14:32:30 +00:00
Daniel J Walsh
8323d545c4
- More fixes for sandbox_web_t
2009-09-19 02:03:03 +00:00
Daniel J Walsh
ab462917cf
- Allow sshd to create .ssh directory and content
2009-09-18 22:12:25 +00:00
Daniel J Walsh
d53d158d2b
- Fix request_module line to module_request
2009-09-18 20:44:00 +00:00
Daniel J Walsh
1fb0a98434
- Fix sandbox policy to allow it to run under firefox.
...
- Dont audit leaks.
2009-09-18 16:20:05 +00:00
Daniel J Walsh
9de7033708
- Fixes for sandbox
2009-09-17 21:41:30 +00:00
Daniel J Walsh
69290fd9df
- Update to upstream
...
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice
2009-09-16 17:50:32 +00:00
Daniel J Walsh
23e7082b4b
- Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service
...
- Remove policycoreutils-python requirement except for minimum
2009-09-15 21:45:12 +00:00
Daniel J Walsh
6b7b0c1cdc
- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
...
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at
the same time.)
2009-09-15 18:26:13 +00:00
Daniel J Walsh
e20e351e10
- Add wordpress/wp-content/uploads label
...
- Fixes for sandbox when run from staff_t
2009-09-11 21:15:35 +00:00
Daniel J Walsh
ddc8588081
- Update to upstream
...
- Fixes for devicekit_disk
2009-09-10 15:38:44 +00:00
Daniel J Walsh
ab8f807545
- More fixes
2009-09-09 21:08:02 +00:00
Daniel J Walsh
b8498d1e5b
- More fixes
2009-09-08 23:55:31 +00:00
Daniel J Walsh
123ae9957d
- Lots of fixes for initrc and other unconfined domains
2009-09-08 14:30:36 +00:00
Daniel J Walsh
72bc25da0e
- Allow xserver to use netlink_kobject_uevent_socket
2009-09-07 01:29:07 +00:00
Daniel J Walsh
1a2981be4a
- Dontaudit setroubleshootfix looking at /root directory
2009-09-02 13:33:15 +00:00
Daniel J Walsh
65c3f9a0a8
- Update to upsteam
2009-08-31 21:27:50 +00:00
Daniel J Walsh
cb5670ca1b
- Allow gssd to send signals to users
...
- Fix duplicate label for apache content
2009-08-31 13:39:37 +00:00
Daniel J Walsh
faf9cbbc4b
- Update to upstream
2009-08-28 20:55:16 +00:00
Daniel J Walsh
38d427a08f
- Remove polkit_auth on upgrades
2009-08-28 18:56:15 +00:00
Daniel J Walsh
42f9effee7
- Add back in unconfined.pp and unconfineduser.pp
...
- Add Sandbox unshare
2009-08-26 20:19:02 +00:00
Daniel J Walsh
07c04f81b6
- Add back in unconfined.pp and unconfineduser.pp
2009-08-26 14:02:27 +00:00
Daniel J Walsh
89e3546337
- Fixes for cdrecord, mdadm, and others
2009-08-26 12:12:39 +00:00
Daniel J Walsh
080ce6f2c8
- Add capability setting to dhcpc and gpm
2009-08-23 13:55:48 +00:00
Daniel J Walsh
8e64d7d393
- Allow cronjobs to read exim_spool_t
2009-08-22 11:51:13 +00:00
Daniel J Walsh
c5f5b5dbcb
- Add ABRT policy
2009-08-21 22:58:28 +00:00
Daniel J Walsh
e3dd4912ce
- Fix system-config-services policy
2009-08-20 17:48:51 +00:00
Daniel J Walsh
fc8ff2feac
- Allow libvirt to change user componant of virt_domain
2009-08-20 00:02:37 +00:00
Daniel J Walsh
40243d944f
- Allow cupsd_config_t to be started by dbus
...
- Add smoltclient policy
2009-08-18 22:43:34 +00:00
Daniel J Walsh
9c270225e5
- Add policycoreutils-python to pre install
2009-08-18 12:34:26 +00:00
Daniel J Walsh
b2c5e72a15
- Make all unconfined_domains permissive so we can see what AVC's happen
2009-08-13 22:33:07 +00:00
Daniel J Walsh
7fe210d864
- Add pt_chown policy
2009-08-12 20:10:51 +00:00
Daniel J Walsh
867473ac62
- Add kdump policy for Miroslav Grepl
...
- Turn off execstack boolean
2009-08-10 18:22:10 +00:00
Bill Nottingham
ac7bbfa65a
- Turn on execstack on a temporary basis ( #512845 )
2009-08-07 19:36:54 +00:00
Daniel J Walsh
4de3826dbf
- Allow nsplugin to connecto the session bus
...
- Allow samba_net to write to coolkey data
2009-08-07 11:51:54 +00:00
Daniel J Walsh
e21330348f
- Allow devicekit_disk to list inotify
2009-08-05 21:31:17 +00:00
Daniel J Walsh
4816e90c52
- Allow svirt images to create sock_file in svirt_var_run_t
2009-08-05 20:37:39 +00:00
Daniel J Walsh
4673269d66
- Allow exim to getattr on mountpoints
...
- Fixes for pulseaudio
2009-08-04 11:32:06 +00:00
Daniel J Walsh
947b439e10
- Allow svirt_t to stream_connect to virtd_t
2009-07-31 19:05:34 +00:00
Daniel J Walsh
af4fa8266c
- Allod hald_dccm_t to create sock_files in /tmp
2009-07-31 11:02:24 +00:00
Daniel J Walsh
abd1536931
- More fixes from upstream
2009-07-30 20:30:26 +00:00
Daniel J Walsh
c6e2224c70
- Fix polkit label
...
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries
2009-07-30 04:31:53 +00:00
Daniel J Walsh
3750561a72
- Update to upstream
2009-07-28 19:08:17 +00:00
Daniel J Walsh
9160520a0e
- Allow certmaster to override dac permissions
2009-07-27 22:09:57 +00:00
Daniel J Walsh
df7055d5b3
- Update to upstream
2009-07-23 21:47:41 +00:00
Daniel J Walsh
8da0248476
- Fix context for VirtualBox
2009-07-19 16:04:30 +00:00
Daniel J Walsh
2360ff9f3f
- Update to upstream
2009-07-15 19:12:04 +00:00
Daniel J Walsh
a88b486824
- Fixes for xguest
2009-07-08 15:37:57 +00:00
Daniel J Walsh
819f419b33
- fix multiple directory ownership of mandirs
2009-07-07 21:06:52 +00:00
Tom Callaway
a85aeff615
fix duplicate directory ownership with filesystem, policycoreutils
2009-07-07 15:41:05 +00:00
Daniel J Walsh
d9676a6ada
- Update to upstream
2009-07-06 21:16:26 +00:00
Daniel J Walsh
bcc53daced
- Add rules for rtkit-daemon
2009-06-30 11:46:56 +00:00
Daniel J Walsh
7b16d569d8
- Update to upstream
...
- Fix nlscd_stream_connect
2009-06-26 20:13:04 +00:00
Daniel J Walsh
221642f17f
- Add rtkit policy
2009-06-25 21:43:36 +00:00
Daniel J Walsh
d399fb4d25
- Allow rpcd_t to stream connect to rpcbind
2009-06-24 20:45:26 +00:00
Daniel J Walsh
9850f4d30d
- Allow kpropd to create tmp files
2009-06-24 13:15:55 +00:00
Daniel J Walsh
93dc66eaeb
- Fix last duplicate /var/log/rpmpkgs
2009-06-23 13:23:52 +00:00
Daniel J Walsh
a9f0953822
- Update to upstream
...
add sssd
2009-06-22 22:27:58 +00:00
Daniel J Walsh
8866315d40
- Update to upstream
...
cleanup
Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-20 13:59:00 +00:00
Daniel J Walsh
6071093529
- Update to upstream
...
- Additional mail ports
- Add virt_use_usb boolean for svirt
2009-06-19 11:41:44 +00:00
Daniel J Walsh
9386d6f55f
- Fix mcs rules to include chr_file and blk_file
2009-06-18 20:01:47 +00:00
Daniel J Walsh
e3bf6793cb
- Add label for udev-acl
2009-06-18 14:42:34 +00:00
Daniel J Walsh
f8df9e54c4
- Additional rules for consolekit/udev, privoxy and various other fixes
2009-06-15 20:04:07 +00:00
Daniel J Walsh
49883e898d
- New version for upstream
2009-06-15 15:26:20 +00:00
Daniel J Walsh
d3ae977ab7
- New version for upstream
2009-06-12 18:59:09 +00:00
Daniel J Walsh
6b838056a8
- Allow NetworkManager to read inotifyfs
2009-06-11 21:26:42 +00:00
Daniel J Walsh
aa7b9cbc5e
- Allow setroubleshoot to run mlocate
2009-06-10 17:50:55 +00:00
Daniel J Walsh
8197718634
- Update to upstream
2009-06-08 21:47:04 +00:00
Daniel J Walsh
9ee63df41a
- New log file for vmware
...
- Allow xdm to setattr on user_tmp_t
2009-05-26 16:57:59 +00:00
Daniel J Walsh
ef7416c2b8
- Upgrade to upstream
2009-05-22 14:37:43 +00:00
Daniel J Walsh
eead2a6f25
- Allow fprintd to access sys_ptrace
...
- Add sandbox policy
2009-05-20 17:28:24 +00:00